The speaker(s)/presenter(s) of the session you are trying to access did not provide permission to record their presentation. Consequently, the video recording is not available.
Education Level: Basic
6419 - The Insecurity of Industrial Things
Wednesday, September 27
2:15 PM - 3:15 PM
When hearing the buzzword “Internet of Things,” we typically think of the consumer world: smart toasters and connected fridges. However, there is a staggering number of networked embedded devices that perform life- and mission-critical tasks that our daily lives depend on. We haven’t thought of these new types of devices as miniature computers that need the same care in deployment, management and protection as our servers, computers and mobile phones. The mainstream security industry has been asleep at the wheel and largely overlooked one of the world’s most vital technology sectors: embedded, automation and control systems. This is a huge blind spot. Embedded devices, such as ICS and SCADA systems, are the low-hanging fruit for potential attackers: They are abundant, easy to compromise, connected to high-value networks and detection often only happens after the fact.
In this talk we will share real-world vulnerabilities in industrial control environments and discuss why these insecure design patterns exist, including business drivers and technology factors. We will share stories and anecdotes based on 10 years of research, training and consulting. Attendees will get an inside view into how attackers operate and walk away knowing what to look for when future-proofing our industrial control systems.
- Identify threats from connected embedded devices.
- Conduct technology vendor assessments based on a technology's effectiveness in detecting new types of threats.
- Articulate the importance of implementing visibility and threat detection tools specifically designed for embedded devices.